
CVE-2017-7852

CVSS Severity Score: 8.8 (HIGH)
EPSS Score: 0.0200%
EPSS Percentile: 30.35th
Published: April 24, 2017
Last Modified: May 13, 2026

Vulnerability Description

D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access and/or change the device's settings via a CSRF attack. The cause is the 'allow-access-from domain' child element being set to *, which accepts requests from any domain. If a victim who is logged into the camera's web console visits, in another browser tab, a site hosting a malicious Flash file, that file can send requests to the victim's DCS series camera without knowing the credentials. An attacker can host a malicious Flash file that retrieves live feeds or information from the victim's DCS series camera, adds new admin users, or makes other changes to the device. Known affected devices are DCS-933L with firmware before 1.13.05, DCS-5030L, DCS-5020L, DCS-2530L, DCS-2630L, DCS-930L, DCS-932L, and DCS-932LB1.

Affected Platforms (CPE)

Dlink Dcs 2230l Firmware <= 1.03.01
Dlink Dcs 2310l Firmware <= 1.08.01
Dlink Dcs 2332l Firmware <= 1.08.01
Dlink Dcs 6010l Firmware <= 1.15.01
Dlink Dcs 7010l Firmware <= 1.08.01
Dlink Dcs 2530l Firmware <= 1.00.21
Dlink Dcs 930l Firmware <= 1.15.04
Dlink Dcs 930l Firmware <= 2.13.15
Dlink Dcs 932l Firmware <= 1.13.04
Dlink Dcs 932l Firmware <= 2.13.15
Dlink Dcs 934l Firmware <= 1.04.15
Dlink Dcs 942l Firmware <= 1.27
Dlink Dcs 942l Firmware <= 2.11.03
Dlink Dcs 931l Firmware <= 1.13.05
Dlink Dcs 933l Firmware <= 1.13.05
Dlink Dcs 5009l Firmware <= 1.07.05
Dlink Dcs 5010l Firmware <= 1.13.05
Dlink Dcs 5020l Firmware <= 1.13.05
Dlink Dcs 5000l Firmware <= 1.02.02
Dlink Dcs 5025l Firmware <= 1.02.10
Dlink Dcs 5030l Firmware <= 1.01.06
Dlink Dcs 2210l Firmware <= 1.03.01
Dlink Dcs 2136l Firmware <= 1.04.01
Dlink Dcs 2132l Firmware <= 1.08.01
Dlink Dcs 7000l Firmware <= 1.04.00
Dlink Dcs 6212l Firmware <= 1.00.12
Dlink Dcs 5029l Firmware <= 1.12.00
Dlink Dcs 2310l Firmware <= 2.03.00
Dlink Dcs 2330l Firmware <= 1.13.00
Dlink Dcs 2132l Firmware <= 2.12.00
Dlink Dcs 5222l Firmware <= 2.12.00
